How to remove “Program:Win32/Ymacco.AAAD”?

Program:Win32/Ymacco.AAAD is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Program:Win32/Ymacco.AAAD virus do?

  • Executable code extraction
  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • A process attempted to delay the analysis task by a long amount of time.
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Program:Win32/Ymacco.AAAD?


File Info:

type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Tail noise Corporation. All rights reserved. Throw talk
InternalName: Final Thing
FileVersion: 1.1.0.806
CompanyName: Tail noise Corporation
ProductName: Tail noise® Coverbreak®
ProductVersion: 1.1.0.806
FileDescription: Tail noise Coverbreak
Round: Head had
OriginalFilename: Group.dll
Translation: 0x0409 0x04b0

Program:Win32/Ymacco.AAAD also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.35531988
McAfee: Trojan-FRGC!6591A8DE075B
Cylance: Unsafe
AegisLab: Trojan.Win32.Generic.4!c
BitDefender: Trojan.GenericKD.35531988
Arcabit: Trojan.Generic.D21E2CD4
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
Rising: Trojan.Generic@ML.89 (RDML:O2gPtq6Y0sQ7cYatexAi0A)
Ad-Aware: Trojan.GenericKD.35531988
Sophos: ML/PE-A
F-Secure: Trojan.TR/AD.UrsnifDropper.hcfxt
DrWeb: Trojan.Gozi.770
McAfee-GW-Edition: Trojan-FRGC!6591A8DE075B
FireEye: Generic.mg.6591a8de075b55df
Emsisoft: Trojan.GenericKD.35531988 (B)
Avira: TR/AD.UrsnifDropper.hcfxt
Microsoft: Program:Win32/Ymacco.AAAD
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Trojan.GenericKD.35531988
Cynet: Malicious (score: 90)
Acronis: suspicious
ALYac: Trojan.GenericKD.35531988
MAX: malware (ai score=80)
Malwarebytes: Trojan.Ursnif
ESET-NOD32: a variant of Win32/Kryptik.HHYT
Fortinet: W32/PhotoDlder.JREV!tr
AVG: FileRepMalware
Qihoo-360: Generic/Trojan.Dropper.1b1

How to remove Program:Win32/Ymacco.AAAD?

Program:Win32/Ymacco.AAAD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
